About the Blog > Cloud Computing > Brief on AWS IAM

aws cloud iam security user role group permission

Brief on AWS IAM

IAM in Nutshell

Identity Access Management
Web service that helps you securely control access to AWS resources
Allows to assign permission to group of users
Integrates well with Active Directory
Access auditing using CloudTrail to monitor the activties of any account/group

How IAM Works ?

4 key concepts :

Users : Indicates specific individuals
Group : Set or collection of users
Roles : Set or collection of policies (s3 read / s3 write)
Policies : Low level permission to resources (dey/allow)

Best practices

Use Least Priviledge model : Tightens Security and avoids unnecesaary issues (like loss of data , table ,etc)
Be vigilant while changing policies : Tightens Security

User Accessing AWS resources using IAM

More details are here

Example of S3 Read policy

{
  "Id": "Policy123455678",
  "Version": "2012-10-19",
  "Statement": [
    {
      "Sid": "Stmt1889900011111",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::debaditya.com",
      "Principal": "*"
    }
  ]
}